Fix multiple vulnerabilities of ntp. Approved by: so git-svn-id: https://svn.freebsd.org/base/releng/10.2@310419 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix possible login(1) argument injection in telnetd(8). [SA-16:36] Fix link_ntoa(3) buffer overflow in libc. [SA-16:37] Fix possible escape from bhyve(8) virtual machine. [SA-16:38] Fix warnings about valid time zone abbreviations. [EN-16:19] Update timezone database information. [EN-16:20] Security: FreeBSD-SA-16:36.telnetd Security: FreeBSD-SA-16:37.libc Security: FreeBSD-SA-16:38.bhyve Errata Notice: FreeBSD-EN-16:19.tzcode Errata Notice: FreeBSD-EN-16:20.tzdata Approved by: so git-svn-id: https://svn.freebsd.org/base/releng/10.2@309635 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Update tzdata to 2016i. Note: because of what appears to be a missing MFC to stable branches, these patches were generated by doing: % rsync -av stable/10/contrib/tzdata releng/10.x/contrib/tzdata % svn add releng/10.x/contrib/tzdata Errata Notice: EN-16:19 Submitted by: gjb Approved by: so git-svn-id: https://svn.freebsd.org/base/releng/10.2@309576 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Merge r307359 from stable/10: Incorporate a change from OpenBSD by millert@OpenBSD.org Don't warn about valid time zone abbreviations. POSIX through 2000 says that an abbreviation cannot start with ':', and cannot contain ',', '-', '+', NUL, or a digit. POSIX from 2001 on changes this rule to say that an abbreviation can contain only '-', '+', and alphanumeric characters from the portable character set in the current locale. To be portable to both sets of rules, an abbreviation must therefore use only ASCII letters. Adapted from tzcode2015f. Errata Notice: EN-16:19.tzcode Submitted by: bapt Approved by: so git-svn-id: https://svn.freebsd.org/base/releng/10.2@309571 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix OpenSSL remote DoS vulnerability. [SA-16:35] Security: FreeBSD-SA-16:35.openssl Approved by: so git-svn-id: https://svn.freebsd.org/base/releng/10.2@308204 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Revised SA-16:15. The initial patch didn't cover all possible overflows based on passing incorrect parameters to sysarch(2). Security: SA-16:15 Approved by: so git-svn-id: https://svn.freebsd.org/base/releng/10.2@307933 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix bspatch heap overflow vulnerability. [SA-16:29] Fix multiple portsnap vulnerabilities. [SA-16:30] Fix multiple libarchive vulnerabilities. [SA-16:31] Approved by: so git-svn-id: https://svn.freebsd.org/base/releng/10.2@306941 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582: Fix overflow check in BN_bn2dec() Fix an off by one error in the overflow check added by 07bed46 ("Check for errors in BN_bn2dec()"). This fixes a regression introduced in SA-16:26.openssl. Submitted by: jkim PR: 212921 Approved by: so git-svn-id: https://svn.freebsd.org/base/releng/10.2@306336 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix multiple OpenSSL vulnerabilities. Approved by: so Security: FreeBSD-SA-16:26.openssl git-svn-id: https://svn.freebsd.org/base/releng/10.2@306230 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix bspatch heap overflow vulnerability. [SA-16:25] Fix freebsd-update(8) support of FreeBSD 11.0 release distribution. [EN-16:09] Approved by: so git-svn-id: https://svn.freebsd.org/base/releng/10.2@303304 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix multiple ntp vulnerabilities. Security: FreeBSD-SA-16:24.ntp Approved by: so git-svn-id: https://svn.freebsd.org/base/releng/10.2@301301 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix kernel stack disclosure in Linux compatibility layer. [SA-16:20] Fix kernel stack disclosure in 4.3BSD compatibility layer. [SA-16:21] Security: SA-16:20 Security: SA-16:21 Approved by: so git-svn-id: https://svn.freebsd.org/base/releng/10.2@301051 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Merge r300361 by mm@: Backport security fix for absolute path traversal vulnerability in bsdcpio. Security: CVE-2015-2304 Security: SA-16:22 Approved by: so git-svn-id: https://svn.freebsd.org/base/releng/10.2@301047 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
- Use unsigned version of min() when handling arguments of SETFKEY ioctl. - Validate that user supplied control message length in sendmsg(2) is not negative. Security: SA-16:18 Security: CVE-2016-1886 Security: SA-16:19 Security: CVE-2016-1887 Submitted by: C Turt <cturt hardenedbsd.org> Approved by: so git-svn-id: https://svn.freebsd.org/base/releng/10.2@300086 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix multiple OpenSSL vulnerabilities. [SA-16:17] Fix excessive latency in x86 IPI delivery. [EN-16:07] Fix memory leak in ZFS. [EN-16:08] Approved by: so git-svn-id: https://svn.freebsd.org/base/releng/10.2@299067 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix ntp multiple vulnerabilities. Approved by: so git-svn-id: https://svn.freebsd.org/base/releng/10.2@298770 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
o Fix OpenSSH xauth(1) command injection. [SA-16:14] o Fix incorrect argument validation in sysarch(2). [SA-16:15] o Fix Hyper-V KVP (Key-Value Pair) daemon indefinite sleep. [EN-16:04] o Fix hv_netvsc(4) incorrect TCP/IP checksums. [EN-16:05] Errata: FreeBSD-EN-16:04.hyperv Errata: FreeBSD-EN-16:05.hv_netvsc Security: FreeBSD-SA-16:14.openssh-xauth, CVE-2016-3115 Security: FreeBSD-SA-16:15.sysarch, CVE-2016-1885 Approved by: so git-svn-id: https://svn.freebsd.org/base/releng/10.2@296955 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Fix multiple OpenSSL vulnerabilities. Security: FreeBSD-SA-16:12.openssl Approved by: so git-svn-id: https://svn.freebsd.org/base/releng/10.2@296341 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f